Overview

overview

10

Static

static

e5ef77f621...0a.dll

windows7_x64

1

e5ef77f621...0a.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    84s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    18-04-2022 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5ef77f621f085a8508b4dbad7fdac5e4a77b3a9bab4f4c8ad59d579bf88e10a.dll

  • Size

    667KB

  • MD5

    667a3f054a634a5d2f12adb71b1b3049

  • SHA1

    305691499cb521c282a92628baeb8d16c4f33002

  • SHA256

    e5ef77f621f085a8508b4dbad7fdac5e4a77b3a9bab4f4c8ad59d579bf88e10a

  • SHA512

    24e3829440d4cb8b2a0d7b755a7e7625f3d2ac69815928a5e8ccb57585be51ad4ca3a1988d716fc80bc050b3badd445f2f35af6e32a69afbaa021c3a20338b04

Score
10/10
zloaderdll26dll26botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

dll26

Campaign

dll26

C2

https://eecakesconf.at/web982/gate.php

Attributes
  • build_id

    7

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5ef77f621f085a8508b4dbad7fdac5e4a77b3a9bab4f4c8ad59d579bf88e10a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4468
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5ef77f621f085a8508b4dbad7fdac5e4a77b3a9bab4f4c8ad59d579bf88e10a.dll,#1
      2⤵
        PID:2612
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec.exe
          3⤵
            PID:932

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/932-136-0x0000000000000000-mapping.dmp
        Download
      • memory/932-137-0x0000000000A10000-0x0000000000A36000-memory.dmp
        Filesize

        152KB

        Download
      • memory/932-138-0x0000000000A10000-0x0000000000A36000-memory.dmp
        Filesize

        152KB

        Download
      • memory/2612-133-0x0000000000000000-mapping.dmp
        Download
      • memory/2612-134-0x00000000749F0000-0x0000000074A16000-memory.dmp
        Filesize

        152KB

        Download
      • memory/2612-135-0x00000000749F0000-0x0000000074AA3000-memory.dmp
        Filesize

        716KB

        Download